This video shows how to use Magnet ACQUIRE to obtain a physical image of Android mobile phone devices using TWRP. The phone used in this video is a Samsung Galaxy S5 mobile phone (SM-G900W8) running Android 6.0.1:
Amanda Rousseau has published a course on basics of malware reverse engineering at her GitHub. The course consists of 6 sections: fundamentals, malware techniques, RE tools, triage analysis, static analysis and dynamic analysis.
Philippe Lagadec has published a blog post on how to find data hidden at the end of an OLE file. You will learn about Microsoft Compound File Binary Format (OLE format) and how to determine the end of OLE data to find hidden objects.
In recent years Android operating system, being installed on huge numbers of smartphones, tablets and other devices, had a breakthrough on the market. Following that success, the need to recover and analyze data from Android OS, became important part of mobile forensics. Consequently, many commercial and open-source mobile forensic tools became available for forensics investigators. The subject of this paper …
Brian Moran from BriMor Labs has posted an article on how to load a SQL .bak file for analysis, without SQL Server previously installed. The process consists of eight steps: 1) Download SQL Server 2016 SP1 Developer edition 2) Download Microsoft SQL Server Management Studio 3) Copy executables to flash drive 4) Copy executables to offline system 5) Install SQL Server …
NVISO Labs has published a blog post about analysis of some obfuscated scripts that they received. These files were already detected by automated scanners but as these are mainly malware droppers, they decided to do some manual analysis to determine where the actual malware is hosted.
Mark Robinson has published a post on how to carve data out of PCAPs. Step-by-step guides will show you how to do it with Wireshark, Bro IDS, and Network Miner.
The easy access and common usage of GNSS systems has provided a wealth of evidential information that may be accessed by a digital forensic investigator. Google Earth is commonly used on all manner of devices for geolocation services and consequently has a wide range of tools that will relate real time and stored GNSS data to maps. As an aid …
Increased use of cloud storage services have become a necessity alternative that complements the main storage media in everyday activities because it offers ease of doing automatic backups, sharing files and photos and so forth on a variety of computing devices and smartphones. It is very possible loopholes for criminals to store illegal files or matters relating to such activities. …
Didier Stevens has published a post about using ClamAV with YARA rules for hunting in NVISO Labs blog. He notes that one of the important features of ClamAV is the file decomposition capability. So if the file you want to analyze resides in an archive, or is a packed executable, then ClamAV unarchives/unpacks it, and run the YARA engine. Also you will …
Login
